I have done B.Tech (Computer Science)..presently i am working as a Technical support engineer(for XP and Vista) .I want to make my career in the field of security but I am confused as how to start my career in security field as i dont have any experience in this field .Please guide me(from JOB perspective and considering present market scenario) How I can enter in Security field?

-taking a pay cut and taking a junior position on security team to learn

in my experience if someone is truly passionate about security they can get a junior position based on that (passion) and having the background knowledge (cant get around that) available in books and courses. what most people dont have time for is to teach you all the basic crap you can learn on your own. show up with the "book" knowledge ready to do the keyboard time and you should be able to grab a security position.

my 2nd question would be why you think you want to do security and your end goals? you should be able to articulate that to any employer.

There are much much "easier" jobs in IT and security involves a mindset and dedication that not everyone possesses. Merely "wanting to learn hacking" is usually not enough.

Ketchup and ChrisG are both quite experienced and have much knowledge, so take their words seriously and adhere to their recommendations. Although I can understand the situation you are in, you should be able to get your foot into someone's door when you try your best and be determined in your goals.

Ya! I know i have to work very hard ...but can anybody just advice me regarding programming languages on which i have to emphasize more or languages which are must to know ? Moreover, regarding certification...is it necessary to get CCNA certification before going for any Security Certification.(As most of my frnd told me that it is necessary to get networking certfication before going for Security Certification). If yes... then can you advice me if CCNA is good or i have to go for any other certfication? If no...then can you advice me ...as for which certfication i should go.... Actually , i think while going through various books and materials ...i also target any perticular Certification and just prepare accordingly...

Ya.. i know u all may be thinking that I am going too fast ..but for me it is necessary..

Frankly speaking...actually one thing I didn't told you is that I am on the verse ofloosing my job...most probably within this month...

So, I just want to do something which will provide me a job in the field of my interest .

Ya .. I know it will take some time but i am ready to give my fullest for my passion...

Do you have already knowledge of one or more programming languages? If so, you may take a look at C, C++, Assembler, SQL and eventually PHP. Depending in which area in security you would like to work, you may focus more on weblanguages than on others for example. Learning one or two scripting languages may help too (Python, Bash, Perl, Ruby, etc.). Personally I would say it doesn't matter much which programming language you learn..as long as you understand the concepts behind it, switching to another language isn't a big problem.

Further I would say it is not a must to obtain CCNA before going into Security, though it wouldn't hurt if you go for it (or another similar one, such as Network+ or depending on your previous knowledge Security+, both by CompTIA). Understanding topics covered in those would certainly help you for your further progressing. In CCNA you will also learn neutral network basics, though there is a good amount of Cisco specific stuff included (e.g. commands for operating Cisco devices) while the ones offered by CompTIA are vendor-independent.

As a first certification people at EH-Net often recommend Security+.

Last edited by UNIX on Wed Sep 09, 2009 12:14 am, edited 1 time in total.

Actually i have knowledge of Visual Studio.Net and C but only basic level.So, I think it is better to go for C, C++ and make them more strong.Moreover I think Python would be a better scripting language to learn . As per your advice I think it is better to go for Security+ by CompTIA(or if additional then Network+ instead of CCNA as Network+ is vendor independent).

CEH v6 is the entry level certification in security field. CEH is the security course which require sound knowledge of System & network. If you dont have networking knowledge you can do CCNA and to secure any network you should know the network first. no one company will give their system or network to secure until and unless you dont know the system .As per our educational expert for security career of Jodo Institute there are three levels:1 Entry level : MCSE, CCNA, CEH (Appin Degree is not recognised as global certification)2 specialization level: CCNA Security, CCSP, CCSA.3 Expert Level: CISSP, CCIE Security (for expert level you need to have five yrs of experience in Security)www.jodoinstitute.com

Blah blah blah...got bored and stopped reading at the C++ stuff.Come on gentlemen (I assume!) Investment, investment and REALLY good self study materials...you can spend your life wondering thro' the web looking for the best but at some point you need to figure out whats hot now and how much time you need to make a clear jump (3mnths-3certs for pennies) in your cert path...self study material with the technology we have today..... i say no more!!!

In my opinion, certs don't mean much more than you can pass a test. I would stick with the C++ materials you are reading. Good programming understanding is very important to the information security field, in my opinion.

Security+ is somewhat of an entry-level cert, but I think it's a good one. I think it would be a good start if you ever decided to go after the CISSP. I can't comment on ECSA or CHFI since I don't have either of those.